This lesson is part of the Security in Ignition course. You can browse the rest of the lessons below.

LESSON LIST

Autoplay Off
Take topic challenge

Description

Enable SSL communications in Ignition to set up secure communication to the Gateway webpage as well as Client/Designer communication with the Gateway. Learn how to acquire and install an SSL Certificate for Ignition. Note that this video does not reflect the changes made when the Gateway SSL interface was introduced in Ignition 8.0.3: https://docs.inductiveautomation.com/display/DOC80/Using+SSL

Video recorded using: Ignition 7.9

Transcript

(open in window)

[00:00] Ignition supports the use of SSL communication. This means we can encrypt the information that appears on the gateway webpages. Additionally, designer and client communications with the gateway will also be encrypted. Enabling SSL is very simple. All we have to do is go over to the configure section of the gateway under system. I am on the gateway settings page here. And if I scroll down, this list of gateway settings properties, there is a use SSL property. All we have to do is set this to true and save changes. We do recommend that you purchase a SSL certificate from a certificate authority when enabling SSL. To demonstrate, let me show you what happens when you don't have a genuine certificate. I'll scroll down to the bottom of this page here and click save changes. You'll see a warning that looks kind of like this, depending on which browser you're using. We're seeing this warning because Ignition's web server is currently using a self-signed certificate, which is a certificate it generated itself. My browser detected this and is trying to protect me. Now, we can bypass this here if I just go down under advanced. But before I do, I do want to point out that if you look at the address bar at the top here we're using H-T-T-P-S. So, S for the SSL connection. And we're using Ignition's SSL port. If you change the SSL port, you'll see a different number at the top. At this point in time, we're using SSL to encrypt our data. I do want to point out that you will not see this warning message in your clients or designers. They're running just the same as they always do, except they're receiving data over the SSL port now. So, you don't have to make any other changes on your clients or designers. So, if you do get this warning you can usually tell your browser to make an exception for this one site. I know for a fact that on localhost, so on the computer I'm on right now, on this port, that is my Ignition service running here. So I know I can trust it. It goes without saying, but always check that address bar. Make sure it's a valid address or something you can trust. I'm going to come down under advanced and I'm going to proceed to localhost and I'm back on my gateway here. So, if that warning message doesn't both you too much you don't have to install a genuine SSL certificate. However, if you would like to install a genuine SSL certificate, please check out the gateway security section of the user manual. Or, search our knowledge base articles.

You are editing this transcript.

Make any corrections to improve this transcript. We'll review any changes before posting them.

close

Share this video